From 71cb27836d6ddda01551f36ec255444c528e77b6 Mon Sep 17 00:00:00 2001
From: "Lubomir I. Ivanov" <lubomirivanov@vmware.com>
Date: Mon, 30 Sep 2019 23:52:01 +0300
Subject: [PATCH] kubeadm: delete boostrap-kubelet.conf after TLS bootstrap on
 init

---
 cmd/kubeadm/app/cmd/phases/init/waitcontrolplane.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/cmd/kubeadm/app/cmd/phases/init/waitcontrolplane.go b/cmd/kubeadm/app/cmd/phases/init/waitcontrolplane.go
index ec6a4c04420..aa687fb8669 100644
--- a/cmd/kubeadm/app/cmd/phases/init/waitcontrolplane.go
+++ b/cmd/kubeadm/app/cmd/phases/init/waitcontrolplane.go
@@ -19,6 +19,7 @@ package phases
 import (
 	"fmt"
 	"io"
+	"os"
 	"path/filepath"
 	"text/template"
 	"time"
@@ -100,6 +101,13 @@ func runWaitControlPlanePhase(c workflow.RunData) error {
 		return errors.New("couldn't initialize a Kubernetes cluster")
 	}
 
+	// Deletes the kubelet boostrap kubeconfig file, so the credential used for TLS bootstrap is removed from disk
+	// This is done only on success.
+	bootstrapKubeConfigFile := kubeadmconstants.GetBootstrapKubeletKubeConfigPath()
+	if err := os.Remove(bootstrapKubeConfigFile); err != nil {
+		klog.Warningf("[wait-control-plane] could not delete the file %q: %v", bootstrapKubeConfigFile, err)
+	}
+
 	return nil
 }